Security
Last updated
Last updated
You can whitelist specific domains in order to allow only specific external sources to be requested. In addition, you can combine Domain whitelisting with Aliases to send custom headers to a non-public external storage for authentication purposes.
In order to set the whitelisting configuration for a specific domain, you need to have an Owner, Admin, Manager or Developer and to go to Settings > Optimization > Delivery > (tab) Security.
Then click on + Add domain and enter the domain name that you would like to whitelist without the https://- part:
In the example above, domain sample.li is whitelisted. Which means that if we try to process an image with any other domain except sample.li(eg: www.your-own-domain.com), the system will return an error status code 406 (Not Acceptable).
If you prefer, this response can be changed to HTTP 404 (Default missing image).
Aliases are also supported. In case you have set a or a alias, you can add it as a value (eg: _myalias_) in the list of Whitelisted domains.
